spf-discuss

Re: Electronic Frontier Foundation (EFF) Article On Anti-Spam Technologies Mentions SPF

2004-11-19 02:03:06
On Thu, Nov 18, 2004 at 09:59:51PM -0800, Dave Crocker wrote:

> When you walk up to an Internet kiosk in an airport and use its mail
> service, but set the From field to your home email address, you are not
> spoofing anything, since the message is from you, and you are quite
> authorized. Further, the kiosk operator is pretty close to the last person
> who should see bounces. You, the source of the message and the person trying
> to contact the addressee, want to know if the message did not get through, so
> you are the one that bounces should go to.

This is false.

Scenario:

I am a domain owner of "provider.tld".
I am authorizing the use of "@provider.tld" from two hosts and those
two hosts alone.
You are my customer and decide to send mail from another computer
called "kiosk.otherdomain.tld"

In this scenario, you are still who you say you are.  You are not
authorized to send mail from the kiosk.otherdomain.tld computer.
I say again: You are _NOT_ authorized.

If you care about bounces (who doesn't), you should not send mail
from that place, period.  That's just the policy at provider.tld
and you agreed to its terms.

You could:
- use webmail at "webmail.provider.tld"
- use another webmail, such as hotmail
- use ssh to login at "ssh.provider.tld" and send mail from there
- use SMTP AUTH to relay your mail via mail1.provider.tld

You cannot make your own rules and do your thing despite the policy
set by the domain owner.

Alex
-- 
I ask you to respect any "Reply-To" and "Mail-Follow-Up" headers.  If
you reply to me off-list, you'd better tell me you're doing so.  If
you don't, and if I reply to the list, that's your problem, not mine.
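
The scenario in the message above, as an added example that is not part of the original post: a receiver evaluating a two-host policy for provider.tld against the connecting IP address. The record contents, the host addresses (documentation ranges) and the function name `check_spf` are assumptions; only the `ip4`, `ip6` and `all` mechanisms are handled, with no DNS lookups.

```python
import ipaddress

# Constructed policy: exactly two authorized hosts, hard fail for everything else.
# 192.0.2.10 and 192.0.2.11 stand in for the two provider.tld mail hosts.
PROVIDER_SPF = "v=spf1 ip4:192.0.2.10 ip4:192.0.2.11 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip):
    """Evaluate ip4/ip6/all mechanisms left to right and return the SPF result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            # a, mx, include, redirect= and others need DNS; out of scope here
            raise NotImplementedError("unsupported term: " + term)
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"  # malformed address in the record
        if (name == "ip4") != (net.version == 4):
            return "permerror"  # ip4: with an IPv6 network, or the reverse
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # record ended without a matching mechanism


if __name__ == "__main__":
    # Constructed connections: the authorized relay, then the kiosk.
    for host, addr in [("mail1.provider.tld", "192.0.2.10"),
                       ("kiosk.otherdomain.tld", "198.51.100.7")]:
        print(host, addr, check_spf(PROVIDER_SPF, addr))
```
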

